On April 16th 2015, the PHP group released PHP 5.4.40.
14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.
The corresponding packages are now available on Dotdeb :
- for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
- on both amd64 and i386 architectures.
The following modules have been packaged too :
- APC 3.1.13
- apcu 4.0.7
- ffmpeg 0.6.0 (Squeeze only)
- gearman 0.8.3
- geoip 1.0.8
- imagick 3.1.2
- memcache 3.0.8
- memcached 2.2.0
- mongo 1.6.6
- pecl_http 1.7.6
- pinba (master)
- redis 2.2.7
- spplus 1.1
- ssh2 0.12
- xcache 3.2.0
- xdebug 2.3.2
- xhprof 0.9.4
- zendopcache 7.0.5
As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.
5 replies on “PHP 5.4.40, for Wheezy and Squeeze”
When you update php, please can you leave around old versions. including things like zendopcache – I have just seen a new problem that might be related, but am unable to downgrade the packages to test as they have been removed from your repository.
@jools : older packages are migrated to http://archives.dotdeb.org/
And it is in the documentation – my sincere apologies! Thanks for the info 🙂
Just a question. I changed session.save_path for cli in php.ini, but it don’t seem to be considered (ini_get). Could it be hardcoded somewhere to: ‘/var/lib/php/session’?
@Daniele : no, there is no such thing, you can still overwrite the configuration directive in INI/Apache/.htaccess files.